No items found.

March 20, 2023

Polygon zkEVM Security Measures: The Journey Toward a Safe, Decentralized Mainnet Beta

No items found.

Polygon Labs’ highest priority is security. Now that Polygon zkEVM has been battle-tested over the course of successive testnets, it’s nearly ready for a Mainnet Beta release. That doesn’t, however, mean it’s ready to be released without any guardrails in place. Polygon zkEVM Mainnet Beta will be released with a set of security features that will evolve over stages and will pave the way for the ultimate goal of decentralization.

There’s no such thing as a truly innovative technology that carries no risks at launch. That’s why we are launching Polygon zkEVM Mainnet Beta with “limited training wheels,” according to Vitalik’s useful taxonomy of rollup milestones.  

As Mainnet Beta goes on, the goal is to reach stage two: “No training wheels,” in Vitalik’s formulation. This second stage will bring Polygon zkEVM closer to its goal of decentralization. 

Polygon Labs recognizes that it’s important to get this right and to communicate with the Ethereum community about what exactly the core team is doing and the Polygon zkEVM roadmap to greater decentralization. 

Stage 1 - Mainnet Beta Launch: Limited training wheels 

During the stage one of Polygon zkEVM Mainnet Beta, there will be a few major goals: 

✅ Gain experience and network maturity in preparation for the transition to stage two–i.e., no training wheels, censorship resistant network

✅ Try out smart contracts in a Mainnet Beta environment (inevitably different than a testnet)

✅ Document user and dev experiences

✅ Allow code reviewers to participate in the bug bounty program

✅ Complete further audits

The security features are as follows: 

  1. Appointment of a Security Council multisig who can perform emergency upgrades. Polygon zkEVM’s Security Council is a 4/7 multisig made up of highly reputable members of the Ethereum community. The Security Council can act quickly in case of security risk.
  2. Polygon zkEVM can, in this first stage, be upgraded with no time lock if the Security Council considers there is a security threat. This is necessary so that the core devs can address any major issues that could arise at this early stage, when the uncertainty about possible vulnerabilities is greatest.
  3. A bug bounty program will be in place starting at Mainnet Beta launch; this program will continue throughout the different stages.  
  4. And finally, during stage one, the ability to force transactions to Ethereum L1 will not be enabled immediately–but it will be enabled within a month after launch. First on the ongoing testnet and, later, on mainnet.

Stage 2 - No training wheels 

After a certain period of time in stage one, Polygon zkEVM will have its training wheels removed in accordance with the criteria established by Vitalik for stage two:  “In the event that code does not have bugs, there must not be any group of actors that can, even unanimously, post a state root other than the output of the code.” 

In order to reach this stage, Polygon zkEVM will have to have reached an optimal level of network maturity after a few months running, and it will also be necessary for no critical bugs  to have been reported within a period of 3-6 months. Only once these hurdles have been cleared will the training wheels be further loosened.  The following next steps will complete the transition to stage two: 

  1. Full implementation of forced transactions to L1. In other words, users will have the ability to force their transactions to L1 if something goes wrong with Polygon zkEVM, including a failing of the trusted sequencer. Implementing this feature will give Polygon zkEVM censorship resistance.
  2. The Emergency Halt Switch will be removed, meaning that there will no longer be a Security Council that could upgrade Polygon zkEVM without a timelock.
  3. Upgrades are still allowed, but with a timelock of >= 30 days.

Polygon zkEVM makes one major departure from Vitalik’s criteria for the conditions under which a Security Council could assert itself: The rollup does not use “two or more provers.” As of now, Polygon zkEVM  uses only a single prover. At this time, the core team believes this is the most practical approach, for a number of technical reasons, including the probability that two provers implemented by the same team would include the same mistakes in both. And two provers built by different teams are unlikely to be interoperable to a degree sufficient to mitigate risks beyond the measures being implemented and discussed here. 

Based on the features above, stage two of Polygon zkEVM will achieve censorship-resistance. This means that nothing, including the centralized sequencer and aggregator, can gain access to user funds or lock up such funds.

Fine-Tuning on the Road to Decentralization

These are the measures designed to protect Mainnet Beta devs and users as this bleeding-edge technology is fine-tuned in what will be, for the time being, a relatively centralized state. Polygon zkEVM’s core team is aiming to achieve a higher degree of decentralization in the future. For now, it makes sense to sacrifice a certain amount of decentralization in favor of greater user security.

Polygon zkEVM is nearly ready for Mainnet Beta because it’s the leading source-available, EVM-equivalent zkEVM, it’s been rigorously audited, and it’s passing the relevant vectors in the Ethereum test suite. The schema outlined above is the best way to help protect users. Polygon Labs looks forward to discussing the details of this approach at the Ethereum Magicians Forum.

A Request to the Ethereum Community

Polygon Labs would also like to ask the Ethereum Community to please use Polygon zkEVM responsibly, with an awareness that it’s an emerging technology with imperfections. Polygon zkEVM Mainnet Beta is a crucial moment for Ethereum–a major step forward on the most important adventure in Web3. Scaling Ethereum is a community effort. We all have to work together on our journey to the frontiers of Web3. 


For a comprehensive resource on Polygon zkEVM, check out the documentation wiki. And if you’re interested in (or perplexed by) Zero Knowledge, follow Polygon’s dedicated ZK handle, @0xPolygon, and head over to our ZK forum

Website | Twitter | Developer Twitter | Telegram | Reddit | Discord | Instagram | Facebook | LinkedIn

Book a call
Payments
Open Money Stack
Wallets
Institutional
DeFi
Polygon Chain
Polygon News
Case Studies
Polygon CDK
Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.

May 6, 2026

Open Money Stack
Polygon CDK
Payments

Cross-chain Security Is a Chain Design Decision Now

May 4, 2026

Open Money Stack
Wallets

Private Payments Are Live on Polygon

April 30, 2026

Open Money Stack
Payments
Wallets

Move from a Credit Card to Anywhere Onchain in 1-click: The Latest Upgrade to Polygon Trails

April 29, 2026

Open Money Stack
Payments
Institutional
Polygon Chain
Polygon News

Meta Announces USDC Creator Payouts on Polygon

April 29, 2026

Polygon Chain
Open Money Stack
Institutional
Payments

Modern Treasury Integrates on Polygon to Support Stablecoin Payments

April 29, 2026

Open Money Stack
Institutional
Payments
Polygon Chain

Visa Partners Can Now Settle Stablecoins on Polygon

April 28, 2026

Open Money Stack
Institutional
DeFi
Payments

$205M+ in Cross-Chain Intents. One Integration to Get There.

April 27, 2026

Open Money Stack

The API Paradox: Why More Integration Options Make Payments Harder

April 23, 2026

DeFi
Polygon CDK

Agglayer Processed $200M after KelpDAO Hack with Zero Incidents. ZK Proofs Are Why.

April 21, 2026

Payments
Open Money Stack

Non-USD Stablecoins: What Enterprise Payment Teams Should Know About Local Currency Settlement

Next
PREV
More Blogs
© 2026 Polygon Labs UI (Cayman) Ltd. All rights reserved
Consent Preferences